1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * HCI based Driver for NXP PN544 NFC Chip
4  *
5  * Copyright (C) 2012  Intel Corporation. All rights reserved.
6  */
7 
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9 
10 #include <linux/delay.h>
11 #include <linux/slab.h>
12 #include <linux/module.h>
13 
14 #include <linux/nfc.h>
15 #include <net/nfc/hci.h>
16 
17 #include "pn544.h"
18 
19 /* Timing restrictions (ms) */
20 #define PN544_HCI_RESETVEN_TIME		30
21 
22 enum pn544_state {
23 	PN544_ST_COLD,
24 	PN544_ST_FW_READY,
25 	PN544_ST_READY,
26 };
27 
28 #define FULL_VERSION_LEN 11
29 
30 /* Proprietary commands */
31 #define PN544_WRITE		0x3f
32 #define PN544_TEST_SWP		0x21
33 
34 /* Proprietary gates, events, commands and registers */
35 
36 /* NFC_HCI_RF_READER_A_GATE additional registers and commands */
37 #define PN544_RF_READER_A_AUTO_ACTIVATION			0x10
38 #define PN544_RF_READER_A_CMD_CONTINUE_ACTIVATION		0x12
39 #define PN544_MIFARE_CMD					0x21
40 
41 /* Commands that apply to all RF readers */
42 #define PN544_RF_READER_CMD_PRESENCE_CHECK	0x30
43 #define PN544_RF_READER_CMD_ACTIVATE_NEXT	0x32
44 
45 /* NFC_HCI_ID_MGMT_GATE additional registers */
46 #define PN544_ID_MGMT_FULL_VERSION_SW		0x10
47 
48 #define PN544_RF_READER_ISO15693_GATE		0x12
49 
50 #define PN544_RF_READER_F_GATE			0x14
51 #define PN544_FELICA_ID				0x04
52 #define PN544_FELICA_RAW			0x20
53 
54 #define PN544_RF_READER_JEWEL_GATE		0x15
55 #define PN544_JEWEL_RAW_CMD			0x23
56 
57 #define PN544_RF_READER_NFCIP1_INITIATOR_GATE	0x30
58 #define PN544_RF_READER_NFCIP1_TARGET_GATE	0x31
59 
60 #define PN544_SYS_MGMT_GATE			0x90
61 #define PN544_SYS_MGMT_INFO_NOTIFICATION	0x02
62 
63 #define PN544_POLLING_LOOP_MGMT_GATE		0x94
64 #define PN544_DEP_MODE				0x01
65 #define PN544_DEP_ATR_REQ			0x02
66 #define PN544_DEP_ATR_RES			0x03
67 #define PN544_DEP_MERGE				0x0D
68 #define PN544_PL_RDPHASES			0x06
69 #define PN544_PL_EMULATION			0x07
70 #define PN544_PL_NFCT_DEACTIVATED		0x09
71 
72 #define PN544_SWP_MGMT_GATE			0xA0
73 #define PN544_SWP_DEFAULT_MODE			0x01
74 
75 #define PN544_NFC_WI_MGMT_GATE			0xA1
76 #define PN544_NFC_ESE_DEFAULT_MODE		0x01
77 
78 #define PN544_HCI_EVT_SND_DATA			0x01
79 #define PN544_HCI_EVT_ACTIVATED			0x02
80 #define PN544_HCI_EVT_DEACTIVATED		0x03
81 #define PN544_HCI_EVT_RCV_DATA			0x04
82 #define PN544_HCI_EVT_CONTINUE_MI		0x05
83 #define PN544_HCI_EVT_SWITCH_MODE		0x03
84 
85 #define PN544_HCI_CMD_ATTREQUEST		0x12
86 #define PN544_HCI_CMD_CONTINUE_ACTIVATION	0x13
87 
88 static const struct nfc_hci_gate pn544_gates[] = {
89 	{NFC_HCI_ADMIN_GATE, NFC_HCI_INVALID_PIPE},
90 	{NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE},
91 	{NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE},
92 	{NFC_HCI_LINK_MGMT_GATE, NFC_HCI_INVALID_PIPE},
93 	{NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE},
94 	{NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE},
95 	{PN544_SYS_MGMT_GATE, NFC_HCI_INVALID_PIPE},
96 	{PN544_SWP_MGMT_GATE, NFC_HCI_INVALID_PIPE},
97 	{PN544_POLLING_LOOP_MGMT_GATE, NFC_HCI_INVALID_PIPE},
98 	{PN544_NFC_WI_MGMT_GATE, NFC_HCI_INVALID_PIPE},
99 	{PN544_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE},
100 	{PN544_RF_READER_JEWEL_GATE, NFC_HCI_INVALID_PIPE},
101 	{PN544_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE},
102 	{PN544_RF_READER_NFCIP1_INITIATOR_GATE, NFC_HCI_INVALID_PIPE},
103 	{PN544_RF_READER_NFCIP1_TARGET_GATE, NFC_HCI_INVALID_PIPE}
104 };
105 
106 /* Largest headroom needed for outgoing custom commands */
107 #define PN544_CMDS_HEADROOM	2
108 
109 struct pn544_hci_info {
110 	const struct nfc_phy_ops *phy_ops;
111 	void *phy_id;
112 
113 	struct nfc_hci_dev *hdev;
114 
115 	enum pn544_state state;
116 
117 	struct mutex info_lock;
118 
119 	int async_cb_type;
120 	data_exchange_cb_t async_cb;
121 	void *async_cb_context;
122 
123 	fw_download_t fw_download;
124 };
125 
pn544_hci_open(struct nfc_hci_dev * hdev)126 static int pn544_hci_open(struct nfc_hci_dev *hdev)
127 {
128 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
129 	int r = 0;
130 
131 	mutex_lock(&info->info_lock);
132 
133 	if (info->state != PN544_ST_COLD) {
134 		r = -EBUSY;
135 		goto out;
136 	}
137 
138 	r = info->phy_ops->enable(info->phy_id);
139 
140 	if (r == 0)
141 		info->state = PN544_ST_READY;
142 
143 out:
144 	mutex_unlock(&info->info_lock);
145 	return r;
146 }
147 
pn544_hci_close(struct nfc_hci_dev * hdev)148 static void pn544_hci_close(struct nfc_hci_dev *hdev)
149 {
150 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
151 
152 	mutex_lock(&info->info_lock);
153 
154 	if (info->state == PN544_ST_COLD)
155 		goto out;
156 
157 	info->phy_ops->disable(info->phy_id);
158 
159 	info->state = PN544_ST_COLD;
160 
161 out:
162 	mutex_unlock(&info->info_lock);
163 }
164 
pn544_hci_ready(struct nfc_hci_dev * hdev)165 static int pn544_hci_ready(struct nfc_hci_dev *hdev)
166 {
167 	struct sk_buff *skb;
168 	static struct hw_config {
169 		u8 adr[2];
170 		u8 value;
171 	} hw_config[] = {
172 		{{0x9f, 0x9a}, 0x00},
173 
174 		{{0x98, 0x10}, 0xbc},
175 
176 		{{0x9e, 0x71}, 0x00},
177 
178 		{{0x98, 0x09}, 0x00},
179 
180 		{{0x9e, 0xb4}, 0x00},
181 
182 		{{0x9c, 0x01}, 0x08},
183 
184 		{{0x9e, 0xaa}, 0x01},
185 
186 		{{0x9b, 0xd1}, 0x17},
187 		{{0x9b, 0xd2}, 0x58},
188 		{{0x9b, 0xd3}, 0x10},
189 		{{0x9b, 0xd4}, 0x47},
190 		{{0x9b, 0xd5}, 0x0c},
191 		{{0x9b, 0xd6}, 0x37},
192 		{{0x9b, 0xdd}, 0x33},
193 
194 		{{0x9b, 0x84}, 0x00},
195 		{{0x99, 0x81}, 0x79},
196 		{{0x99, 0x31}, 0x79},
197 
198 		{{0x98, 0x00}, 0x3f},
199 
200 		{{0x9f, 0x09}, 0x02},
201 
202 		{{0x9f, 0x0a}, 0x05},
203 
204 		{{0x9e, 0xd1}, 0xa1},
205 		{{0x99, 0x23}, 0x01},
206 
207 		{{0x9e, 0x74}, 0x00},
208 		{{0x9e, 0x90}, 0x00},
209 		{{0x9f, 0x28}, 0x10},
210 
211 		{{0x9f, 0x35}, 0x04},
212 
213 		{{0x9f, 0x36}, 0x11},
214 
215 		{{0x9c, 0x31}, 0x00},
216 
217 		{{0x9c, 0x32}, 0x00},
218 
219 		{{0x9c, 0x19}, 0x0a},
220 
221 		{{0x9c, 0x1a}, 0x0a},
222 
223 		{{0x9c, 0x0c}, 0x00},
224 
225 		{{0x9c, 0x0d}, 0x00},
226 
227 		{{0x9c, 0x12}, 0x00},
228 
229 		{{0x9c, 0x13}, 0x00},
230 
231 		{{0x98, 0xa2}, 0x09},
232 
233 		{{0x98, 0x93}, 0x00},
234 
235 		{{0x98, 0x7d}, 0x08},
236 		{{0x98, 0x7e}, 0x00},
237 		{{0x9f, 0xc8}, 0x00},
238 	};
239 	struct hw_config *p = hw_config;
240 	int count = ARRAY_SIZE(hw_config);
241 	struct sk_buff *res_skb;
242 	u8 param[4];
243 	int r;
244 
245 	param[0] = 0;
246 	while (count--) {
247 		param[1] = p->adr[0];
248 		param[2] = p->adr[1];
249 		param[3] = p->value;
250 
251 		r = nfc_hci_send_cmd(hdev, PN544_SYS_MGMT_GATE, PN544_WRITE,
252 				     param, 4, &res_skb);
253 		if (r < 0)
254 			return r;
255 
256 		if (res_skb->len != 1) {
257 			kfree_skb(res_skb);
258 			return -EPROTO;
259 		}
260 
261 		if (res_skb->data[0] != p->value) {
262 			kfree_skb(res_skb);
263 			return -EIO;
264 		}
265 
266 		kfree_skb(res_skb);
267 
268 		p++;
269 	}
270 
271 	param[0] = NFC_HCI_UICC_HOST_ID;
272 	r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
273 			      NFC_HCI_ADMIN_WHITELIST, param, 1);
274 	if (r < 0)
275 		return r;
276 
277 	param[0] = 0x3d;
278 	r = nfc_hci_set_param(hdev, PN544_SYS_MGMT_GATE,
279 			      PN544_SYS_MGMT_INFO_NOTIFICATION, param, 1);
280 	if (r < 0)
281 		return r;
282 
283 	param[0] = 0x0;
284 	r = nfc_hci_set_param(hdev, NFC_HCI_RF_READER_A_GATE,
285 			      PN544_RF_READER_A_AUTO_ACTIVATION, param, 1);
286 	if (r < 0)
287 		return r;
288 
289 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
290 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
291 	if (r < 0)
292 		return r;
293 
294 	param[0] = 0x1;
295 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
296 			      PN544_PL_NFCT_DEACTIVATED, param, 1);
297 	if (r < 0)
298 		return r;
299 
300 	param[0] = 0x0;
301 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
302 			      PN544_PL_RDPHASES, param, 1);
303 	if (r < 0)
304 		return r;
305 
306 	r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
307 			      PN544_ID_MGMT_FULL_VERSION_SW, &skb);
308 	if (r < 0)
309 		return r;
310 
311 	if (skb->len != FULL_VERSION_LEN) {
312 		kfree_skb(skb);
313 		return -EINVAL;
314 	}
315 
316 	print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ",
317 		       DUMP_PREFIX_NONE, 16, 1,
318 		       skb->data, FULL_VERSION_LEN, false);
319 
320 	kfree_skb(skb);
321 
322 	return 0;
323 }
324 
pn544_hci_xmit(struct nfc_hci_dev * hdev,struct sk_buff * skb)325 static int pn544_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb)
326 {
327 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
328 
329 	return info->phy_ops->write(info->phy_id, skb);
330 }
331 
pn544_hci_start_poll(struct nfc_hci_dev * hdev,u32 im_protocols,u32 tm_protocols)332 static int pn544_hci_start_poll(struct nfc_hci_dev *hdev,
333 				u32 im_protocols, u32 tm_protocols)
334 {
335 	u8 phases = 0;
336 	int r;
337 	u8 duration[2];
338 	u8 activated;
339 	u8 i_mode = 0x3f; /* Enable all supported modes */
340 	u8 t_mode = 0x0f;
341 	u8 t_merge = 0x01; /* Enable merge by default */
342 
343 	pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n",
344 		__func__, im_protocols, tm_protocols);
345 
346 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
347 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
348 	if (r < 0)
349 		return r;
350 
351 	duration[0] = 0x18;
352 	duration[1] = 0x6a;
353 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
354 			      PN544_PL_EMULATION, duration, 2);
355 	if (r < 0)
356 		return r;
357 
358 	activated = 0;
359 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
360 			      PN544_PL_NFCT_DEACTIVATED, &activated, 1);
361 	if (r < 0)
362 		return r;
363 
364 	if (im_protocols & (NFC_PROTO_ISO14443_MASK | NFC_PROTO_MIFARE_MASK |
365 			 NFC_PROTO_JEWEL_MASK))
366 		phases |= 1;		/* Type A */
367 	if (im_protocols & NFC_PROTO_FELICA_MASK) {
368 		phases |= (1 << 2);	/* Type F 212 */
369 		phases |= (1 << 3);	/* Type F 424 */
370 	}
371 
372 	phases |= (1 << 5);		/* NFC active */
373 
374 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
375 			      PN544_PL_RDPHASES, &phases, 1);
376 	if (r < 0)
377 		return r;
378 
379 	if ((im_protocols | tm_protocols) & NFC_PROTO_NFC_DEP_MASK) {
380 		hdev->gb = nfc_get_local_general_bytes(hdev->ndev,
381 							&hdev->gb_len);
382 		pr_debug("generate local bytes %p\n", hdev->gb);
383 		if (hdev->gb == NULL || hdev->gb_len == 0) {
384 			im_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
385 			tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
386 		}
387 	}
388 
389 	if (im_protocols & NFC_PROTO_NFC_DEP_MASK) {
390 		r = nfc_hci_send_event(hdev,
391 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
392 				NFC_HCI_EVT_END_OPERATION, NULL, 0);
393 		if (r < 0)
394 			return r;
395 
396 		r = nfc_hci_set_param(hdev,
397 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
398 				PN544_DEP_MODE, &i_mode, 1);
399 		if (r < 0)
400 			return r;
401 
402 		r = nfc_hci_set_param(hdev,
403 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
404 				PN544_DEP_ATR_REQ, hdev->gb, hdev->gb_len);
405 		if (r < 0)
406 			return r;
407 
408 		r = nfc_hci_send_event(hdev,
409 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
410 				NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
411 		if (r < 0)
412 			nfc_hci_send_event(hdev,
413 					PN544_RF_READER_NFCIP1_INITIATOR_GATE,
414 					NFC_HCI_EVT_END_OPERATION, NULL, 0);
415 	}
416 
417 	if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
418 		r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
419 				PN544_DEP_MODE, &t_mode, 1);
420 		if (r < 0)
421 			return r;
422 
423 		r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
424 				PN544_DEP_ATR_RES, hdev->gb, hdev->gb_len);
425 		if (r < 0)
426 			return r;
427 
428 		r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
429 				PN544_DEP_MERGE, &t_merge, 1);
430 		if (r < 0)
431 			return r;
432 	}
433 
434 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
435 			       NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
436 	if (r < 0)
437 		nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
438 				   NFC_HCI_EVT_END_OPERATION, NULL, 0);
439 
440 	return r;
441 }
442 
pn544_hci_dep_link_up(struct nfc_hci_dev * hdev,struct nfc_target * target,u8 comm_mode,u8 * gb,size_t gb_len)443 static int pn544_hci_dep_link_up(struct nfc_hci_dev *hdev,
444 				struct nfc_target *target, u8 comm_mode,
445 				u8 *gb, size_t gb_len)
446 {
447 	struct sk_buff *rgb_skb = NULL;
448 	int r;
449 
450 	r = nfc_hci_get_param(hdev, target->hci_reader_gate,
451 				PN544_DEP_ATR_RES, &rgb_skb);
452 	if (r < 0)
453 		return r;
454 
455 	if (rgb_skb->len == 0 || rgb_skb->len > NFC_GB_MAXSIZE) {
456 		r = -EPROTO;
457 		goto exit;
458 	}
459 	print_hex_dump(KERN_DEBUG, "remote gb: ", DUMP_PREFIX_OFFSET,
460 			16, 1, rgb_skb->data, rgb_skb->len, true);
461 
462 	r = nfc_set_remote_general_bytes(hdev->ndev, rgb_skb->data,
463 						rgb_skb->len);
464 
465 	if (r == 0)
466 		r = nfc_dep_link_is_up(hdev->ndev, target->idx, comm_mode,
467 					NFC_RF_INITIATOR);
468 exit:
469 	kfree_skb(rgb_skb);
470 	return r;
471 }
472 
pn544_hci_dep_link_down(struct nfc_hci_dev * hdev)473 static int pn544_hci_dep_link_down(struct nfc_hci_dev *hdev)
474 {
475 
476 	return nfc_hci_send_event(hdev, PN544_RF_READER_NFCIP1_INITIATOR_GATE,
477 					NFC_HCI_EVT_END_OPERATION, NULL, 0);
478 }
479 
pn544_hci_target_from_gate(struct nfc_hci_dev * hdev,u8 gate,struct nfc_target * target)480 static int pn544_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate,
481 				      struct nfc_target *target)
482 {
483 	switch (gate) {
484 	case PN544_RF_READER_F_GATE:
485 		target->supported_protocols = NFC_PROTO_FELICA_MASK;
486 		break;
487 	case PN544_RF_READER_JEWEL_GATE:
488 		target->supported_protocols = NFC_PROTO_JEWEL_MASK;
489 		target->sens_res = 0x0c00;
490 		break;
491 	case PN544_RF_READER_NFCIP1_INITIATOR_GATE:
492 		target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
493 		break;
494 	default:
495 		return -EPROTO;
496 	}
497 
498 	return 0;
499 }
500 
pn544_hci_complete_target_discovered(struct nfc_hci_dev * hdev,u8 gate,struct nfc_target * target)501 static int pn544_hci_complete_target_discovered(struct nfc_hci_dev *hdev,
502 						u8 gate,
503 						struct nfc_target *target)
504 {
505 	struct sk_buff *uid_skb;
506 	int r = 0;
507 
508 	if (gate == PN544_RF_READER_NFCIP1_INITIATOR_GATE)
509 		return r;
510 
511 	if (target->supported_protocols & NFC_PROTO_NFC_DEP_MASK) {
512 		r = nfc_hci_send_cmd(hdev,
513 			PN544_RF_READER_NFCIP1_INITIATOR_GATE,
514 			PN544_HCI_CMD_CONTINUE_ACTIVATION, NULL, 0, NULL);
515 		if (r < 0)
516 			return r;
517 
518 		target->hci_reader_gate = PN544_RF_READER_NFCIP1_INITIATOR_GATE;
519 	} else if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
520 		if (target->nfcid1_len != 4 && target->nfcid1_len != 7 &&
521 		    target->nfcid1_len != 10)
522 			return -EPROTO;
523 
524 		r = nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
525 				     PN544_RF_READER_CMD_ACTIVATE_NEXT,
526 				     target->nfcid1, target->nfcid1_len, NULL);
527 	} else if (target->supported_protocols & NFC_PROTO_FELICA_MASK) {
528 		r = nfc_hci_get_param(hdev, PN544_RF_READER_F_GATE,
529 				      PN544_FELICA_ID, &uid_skb);
530 		if (r < 0)
531 			return r;
532 
533 		if (uid_skb->len != 8) {
534 			kfree_skb(uid_skb);
535 			return -EPROTO;
536 		}
537 
538 		/* Type F NFC-DEP IDm has prefix 0x01FE */
539 		if ((uid_skb->data[0] == 0x01) && (uid_skb->data[1] == 0xfe)) {
540 			kfree_skb(uid_skb);
541 			r = nfc_hci_send_cmd(hdev,
542 					PN544_RF_READER_NFCIP1_INITIATOR_GATE,
543 					PN544_HCI_CMD_CONTINUE_ACTIVATION,
544 					NULL, 0, NULL);
545 			if (r < 0)
546 				return r;
547 
548 			target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
549 			target->hci_reader_gate =
550 				PN544_RF_READER_NFCIP1_INITIATOR_GATE;
551 		} else {
552 			r = nfc_hci_send_cmd(hdev, PN544_RF_READER_F_GATE,
553 					     PN544_RF_READER_CMD_ACTIVATE_NEXT,
554 					     uid_skb->data, uid_skb->len, NULL);
555 			kfree_skb(uid_skb);
556 		}
557 	} else if (target->supported_protocols & NFC_PROTO_ISO14443_MASK) {
558 		/*
559 		 * TODO: maybe other ISO 14443 require some kind of continue
560 		 * activation, but for now we've seen only this one below.
561 		 */
562 		if (target->sens_res == 0x4403)	/* Type 4 Mifare DESFire */
563 			r = nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
564 			      PN544_RF_READER_A_CMD_CONTINUE_ACTIVATION,
565 			      NULL, 0, NULL);
566 	}
567 
568 	return r;
569 }
570 
571 #define PN544_CB_TYPE_READER_F 1
572 
pn544_hci_data_exchange_cb(void * context,struct sk_buff * skb,int err)573 static void pn544_hci_data_exchange_cb(void *context, struct sk_buff *skb,
574 				       int err)
575 {
576 	struct pn544_hci_info *info = context;
577 
578 	switch (info->async_cb_type) {
579 	case PN544_CB_TYPE_READER_F:
580 		if (err == 0)
581 			skb_pull(skb, 1);
582 		info->async_cb(info->async_cb_context, skb, err);
583 		break;
584 	default:
585 		if (err == 0)
586 			kfree_skb(skb);
587 		break;
588 	}
589 }
590 
591 #define MIFARE_CMD_AUTH_KEY_A	0x60
592 #define MIFARE_CMD_AUTH_KEY_B	0x61
593 #define MIFARE_CMD_HEADER	2
594 #define MIFARE_UID_LEN		4
595 #define MIFARE_KEY_LEN		6
596 #define MIFARE_CMD_LEN		12
597 /*
598  * Returns:
599  * <= 0: driver handled the data exchange
600  *    1: driver doesn't especially handle, please do standard processing
601  */
pn544_hci_im_transceive(struct nfc_hci_dev * hdev,struct nfc_target * target,struct sk_buff * skb,data_exchange_cb_t cb,void * cb_context)602 static int pn544_hci_im_transceive(struct nfc_hci_dev *hdev,
603 				   struct nfc_target *target,
604 				   struct sk_buff *skb, data_exchange_cb_t cb,
605 				   void *cb_context)
606 {
607 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
608 
609 	pr_info(DRIVER_DESC ": %s for gate=%d\n", __func__,
610 		target->hci_reader_gate);
611 
612 	switch (target->hci_reader_gate) {
613 	case NFC_HCI_RF_READER_A_GATE:
614 		if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
615 			/*
616 			 * It seems that pn544 is inverting key and UID for
617 			 * MIFARE authentication commands.
618 			 */
619 			if (skb->len == MIFARE_CMD_LEN &&
620 			    (skb->data[0] == MIFARE_CMD_AUTH_KEY_A ||
621 			     skb->data[0] == MIFARE_CMD_AUTH_KEY_B)) {
622 				u8 uid[MIFARE_UID_LEN];
623 				u8 *data = skb->data + MIFARE_CMD_HEADER;
624 
625 				memcpy(uid, data + MIFARE_KEY_LEN,
626 				       MIFARE_UID_LEN);
627 				memmove(data + MIFARE_UID_LEN, data,
628 					MIFARE_KEY_LEN);
629 				memcpy(data, uid, MIFARE_UID_LEN);
630 			}
631 
632 			return nfc_hci_send_cmd_async(hdev,
633 						      target->hci_reader_gate,
634 						      PN544_MIFARE_CMD,
635 						      skb->data, skb->len,
636 						      cb, cb_context);
637 		} else
638 			return 1;
639 	case PN544_RF_READER_F_GATE:
640 		*(u8 *)skb_push(skb, 1) = 0;
641 		*(u8 *)skb_push(skb, 1) = 0;
642 
643 		info->async_cb_type = PN544_CB_TYPE_READER_F;
644 		info->async_cb = cb;
645 		info->async_cb_context = cb_context;
646 
647 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
648 					      PN544_FELICA_RAW, skb->data,
649 					      skb->len,
650 					      pn544_hci_data_exchange_cb, info);
651 	case PN544_RF_READER_JEWEL_GATE:
652 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
653 					      PN544_JEWEL_RAW_CMD, skb->data,
654 					      skb->len, cb, cb_context);
655 	case PN544_RF_READER_NFCIP1_INITIATOR_GATE:
656 		*(u8 *)skb_push(skb, 1) = 0;
657 
658 		return nfc_hci_send_event(hdev, target->hci_reader_gate,
659 					PN544_HCI_EVT_SND_DATA, skb->data,
660 					skb->len);
661 	default:
662 		return 1;
663 	}
664 }
665 
pn544_hci_tm_send(struct nfc_hci_dev * hdev,struct sk_buff * skb)666 static int pn544_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb)
667 {
668 	int r;
669 
670 	/* Set default false for multiple information chaining */
671 	*(u8 *)skb_push(skb, 1) = 0;
672 
673 	r = nfc_hci_send_event(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
674 			       PN544_HCI_EVT_SND_DATA, skb->data, skb->len);
675 
676 	kfree_skb(skb);
677 
678 	return r;
679 }
680 
pn544_hci_check_presence(struct nfc_hci_dev * hdev,struct nfc_target * target)681 static int pn544_hci_check_presence(struct nfc_hci_dev *hdev,
682 				   struct nfc_target *target)
683 {
684 	pr_debug("supported protocol %d\n", target->supported_protocols);
685 	if (target->supported_protocols & (NFC_PROTO_ISO14443_MASK |
686 					NFC_PROTO_ISO14443_B_MASK)) {
687 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
688 					PN544_RF_READER_CMD_PRESENCE_CHECK,
689 					NULL, 0, NULL);
690 	} else if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
691 		if (target->nfcid1_len != 4 && target->nfcid1_len != 7 &&
692 		    target->nfcid1_len != 10)
693 			return -EOPNOTSUPP;
694 
695 		return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
696 				     PN544_RF_READER_CMD_ACTIVATE_NEXT,
697 				     target->nfcid1, target->nfcid1_len, NULL);
698 	} else if (target->supported_protocols & (NFC_PROTO_JEWEL_MASK |
699 						NFC_PROTO_FELICA_MASK)) {
700 		return -EOPNOTSUPP;
701 	} else if (target->supported_protocols & NFC_PROTO_NFC_DEP_MASK) {
702 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
703 					PN544_HCI_CMD_ATTREQUEST,
704 					NULL, 0, NULL);
705 	}
706 
707 	return 0;
708 }
709 
710 /*
711  * Returns:
712  * <= 0: driver handled the event, skb consumed
713  *    1: driver does not handle the event, please do standard processing
714  */
pn544_hci_event_received(struct nfc_hci_dev * hdev,u8 pipe,u8 event,struct sk_buff * skb)715 static int pn544_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, u8 event,
716 				    struct sk_buff *skb)
717 {
718 	struct sk_buff *rgb_skb = NULL;
719 	u8 gate = hdev->pipes[pipe].gate;
720 	int r;
721 
722 	pr_debug("hci event %d\n", event);
723 	switch (event) {
724 	case PN544_HCI_EVT_ACTIVATED:
725 		if (gate == PN544_RF_READER_NFCIP1_INITIATOR_GATE) {
726 			r = nfc_hci_target_discovered(hdev, gate);
727 		} else if (gate == PN544_RF_READER_NFCIP1_TARGET_GATE) {
728 			r = nfc_hci_get_param(hdev, gate, PN544_DEP_ATR_REQ,
729 					      &rgb_skb);
730 			if (r < 0)
731 				goto exit;
732 
733 			r = nfc_tm_activated(hdev->ndev, NFC_PROTO_NFC_DEP_MASK,
734 					     NFC_COMM_PASSIVE, rgb_skb->data,
735 					     rgb_skb->len);
736 
737 			kfree_skb(rgb_skb);
738 		} else {
739 			r = -EINVAL;
740 		}
741 		break;
742 	case PN544_HCI_EVT_DEACTIVATED:
743 		r = nfc_hci_send_event(hdev, gate, NFC_HCI_EVT_END_OPERATION,
744 				       NULL, 0);
745 		break;
746 	case PN544_HCI_EVT_RCV_DATA:
747 		if (skb->len < 2) {
748 			r = -EPROTO;
749 			goto exit;
750 		}
751 
752 		if (skb->data[0] != 0) {
753 			pr_debug("data0 %d\n", skb->data[0]);
754 			r = -EPROTO;
755 			goto exit;
756 		}
757 
758 		skb_pull(skb, 2);
759 		return nfc_tm_data_received(hdev->ndev, skb);
760 	default:
761 		return 1;
762 	}
763 
764 exit:
765 	kfree_skb(skb);
766 
767 	return r;
768 }
769 
pn544_hci_fw_download(struct nfc_hci_dev * hdev,const char * firmware_name)770 static int pn544_hci_fw_download(struct nfc_hci_dev *hdev,
771 				 const char *firmware_name)
772 {
773 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
774 
775 	if (info->fw_download == NULL)
776 		return -ENOTSUPP;
777 
778 	return info->fw_download(info->phy_id, firmware_name, hdev->sw_romlib);
779 }
780 
pn544_hci_discover_se(struct nfc_hci_dev * hdev)781 static int pn544_hci_discover_se(struct nfc_hci_dev *hdev)
782 {
783 	u32 se_idx = 0;
784 	u8 ese_mode = 0x01; /* Default mode */
785 	struct sk_buff *res_skb;
786 	int r;
787 
788 	r = nfc_hci_send_cmd(hdev, PN544_SYS_MGMT_GATE, PN544_TEST_SWP,
789 			     NULL, 0, &res_skb);
790 
791 	if (r == 0) {
792 		if (res_skb->len == 2 && res_skb->data[0] == 0x00)
793 			nfc_add_se(hdev->ndev, se_idx++, NFC_SE_UICC);
794 
795 		kfree_skb(res_skb);
796 	}
797 
798 	r = nfc_hci_send_event(hdev, PN544_NFC_WI_MGMT_GATE,
799 				PN544_HCI_EVT_SWITCH_MODE,
800 				&ese_mode, 1);
801 	if (r == 0)
802 		nfc_add_se(hdev->ndev, se_idx++, NFC_SE_EMBEDDED);
803 
804 	return !se_idx;
805 }
806 
807 #define PN544_SE_MODE_OFF	0x00
808 #define PN544_SE_MODE_ON	0x01
pn544_hci_enable_se(struct nfc_hci_dev * hdev,u32 se_idx)809 static int pn544_hci_enable_se(struct nfc_hci_dev *hdev, u32 se_idx)
810 {
811 	const struct nfc_se *se;
812 	u8 enable = PN544_SE_MODE_ON;
813 	static struct uicc_gatelist {
814 		u8 head;
815 		u8 adr[2];
816 		u8 value;
817 	} uicc_gatelist[] = {
818 		{0x00, {0x9e, 0xd9}, 0x23},
819 		{0x00, {0x9e, 0xda}, 0x21},
820 		{0x00, {0x9e, 0xdb}, 0x22},
821 		{0x00, {0x9e, 0xdc}, 0x24},
822 	};
823 	struct uicc_gatelist *p = uicc_gatelist;
824 	int count = ARRAY_SIZE(uicc_gatelist);
825 	struct sk_buff *res_skb;
826 	int r;
827 
828 	se = nfc_find_se(hdev->ndev, se_idx);
829 
830 	switch (se->type) {
831 	case NFC_SE_UICC:
832 		while (count--) {
833 			r = nfc_hci_send_cmd(hdev, PN544_SYS_MGMT_GATE,
834 					PN544_WRITE, (u8 *)p, 4, &res_skb);
835 			if (r < 0)
836 				return r;
837 
838 			if (res_skb->len != 1) {
839 				kfree_skb(res_skb);
840 				return -EPROTO;
841 			}
842 
843 			if (res_skb->data[0] != p->value) {
844 				kfree_skb(res_skb);
845 				return -EIO;
846 			}
847 
848 			kfree_skb(res_skb);
849 
850 			p++;
851 		}
852 
853 		return nfc_hci_set_param(hdev, PN544_SWP_MGMT_GATE,
854 			      PN544_SWP_DEFAULT_MODE, &enable, 1);
855 	case NFC_SE_EMBEDDED:
856 		return nfc_hci_set_param(hdev, PN544_NFC_WI_MGMT_GATE,
857 			      PN544_NFC_ESE_DEFAULT_MODE, &enable, 1);
858 
859 	default:
860 		return -EINVAL;
861 	}
862 }
863 
pn544_hci_disable_se(struct nfc_hci_dev * hdev,u32 se_idx)864 static int pn544_hci_disable_se(struct nfc_hci_dev *hdev, u32 se_idx)
865 {
866 	const struct nfc_se *se;
867 	u8 disable = PN544_SE_MODE_OFF;
868 
869 	se = nfc_find_se(hdev->ndev, se_idx);
870 
871 	switch (se->type) {
872 	case NFC_SE_UICC:
873 		return nfc_hci_set_param(hdev, PN544_SWP_MGMT_GATE,
874 			      PN544_SWP_DEFAULT_MODE, &disable, 1);
875 	case NFC_SE_EMBEDDED:
876 		return nfc_hci_set_param(hdev, PN544_NFC_WI_MGMT_GATE,
877 			      PN544_NFC_ESE_DEFAULT_MODE, &disable, 1);
878 	default:
879 		return -EINVAL;
880 	}
881 }
882 
883 static const struct nfc_hci_ops pn544_hci_ops = {
884 	.open = pn544_hci_open,
885 	.close = pn544_hci_close,
886 	.hci_ready = pn544_hci_ready,
887 	.xmit = pn544_hci_xmit,
888 	.start_poll = pn544_hci_start_poll,
889 	.dep_link_up = pn544_hci_dep_link_up,
890 	.dep_link_down = pn544_hci_dep_link_down,
891 	.target_from_gate = pn544_hci_target_from_gate,
892 	.complete_target_discovered = pn544_hci_complete_target_discovered,
893 	.im_transceive = pn544_hci_im_transceive,
894 	.tm_send = pn544_hci_tm_send,
895 	.check_presence = pn544_hci_check_presence,
896 	.event_received = pn544_hci_event_received,
897 	.fw_download = pn544_hci_fw_download,
898 	.discover_se = pn544_hci_discover_se,
899 	.enable_se = pn544_hci_enable_se,
900 	.disable_se = pn544_hci_disable_se,
901 };
902 
pn544_hci_probe(void * phy_id,const struct nfc_phy_ops * phy_ops,char * llc_name,int phy_headroom,int phy_tailroom,int phy_payload,fw_download_t fw_download,struct nfc_hci_dev ** hdev)903 int pn544_hci_probe(void *phy_id, const struct nfc_phy_ops *phy_ops,
904 		    char *llc_name, int phy_headroom, int phy_tailroom,
905 		    int phy_payload, fw_download_t fw_download,
906 		    struct nfc_hci_dev **hdev)
907 {
908 	struct pn544_hci_info *info;
909 	u32 protocols;
910 	struct nfc_hci_init_data init_data;
911 	int r;
912 
913 	info = kzalloc(sizeof(struct pn544_hci_info), GFP_KERNEL);
914 	if (!info) {
915 		r = -ENOMEM;
916 		goto err_info_alloc;
917 	}
918 
919 	info->phy_ops = phy_ops;
920 	info->phy_id = phy_id;
921 	info->fw_download = fw_download;
922 	info->state = PN544_ST_COLD;
923 	mutex_init(&info->info_lock);
924 
925 	init_data.gate_count = ARRAY_SIZE(pn544_gates);
926 
927 	memcpy(init_data.gates, pn544_gates, sizeof(pn544_gates));
928 
929 	/*
930 	 * TODO: Session id must include the driver name + some bus addr
931 	 * persistent info to discriminate 2 identical chips
932 	 */
933 	strcpy(init_data.session_id, "ID544HCI");
934 
935 	protocols = NFC_PROTO_JEWEL_MASK |
936 		    NFC_PROTO_MIFARE_MASK |
937 		    NFC_PROTO_FELICA_MASK |
938 		    NFC_PROTO_ISO14443_MASK |
939 		    NFC_PROTO_ISO14443_B_MASK |
940 		    NFC_PROTO_NFC_DEP_MASK;
941 
942 	info->hdev = nfc_hci_allocate_device(&pn544_hci_ops, &init_data, 0,
943 					     protocols, llc_name,
944 					     phy_headroom + PN544_CMDS_HEADROOM,
945 					     phy_tailroom, phy_payload);
946 	if (!info->hdev) {
947 		pr_err("Cannot allocate nfc hdev\n");
948 		r = -ENOMEM;
949 		goto err_alloc_hdev;
950 	}
951 
952 	nfc_hci_set_clientdata(info->hdev, info);
953 
954 	r = nfc_hci_register_device(info->hdev);
955 	if (r)
956 		goto err_regdev;
957 
958 	*hdev = info->hdev;
959 
960 	return 0;
961 
962 err_regdev:
963 	nfc_hci_free_device(info->hdev);
964 
965 err_alloc_hdev:
966 	kfree(info);
967 
968 err_info_alloc:
969 	return r;
970 }
971 EXPORT_SYMBOL(pn544_hci_probe);
972 
pn544_hci_remove(struct nfc_hci_dev * hdev)973 void pn544_hci_remove(struct nfc_hci_dev *hdev)
974 {
975 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
976 
977 	nfc_hci_unregister_device(hdev);
978 	nfc_hci_free_device(hdev);
979 	kfree(info);
980 }
981 EXPORT_SYMBOL(pn544_hci_remove);
982 
983 MODULE_LICENSE("GPL");
984 MODULE_DESCRIPTION(DRIVER_DESC);
985